Description:
We are looking for an Application Security Engineer for the location based in Dubai, UAE with the below skillsets,
1. Job Accountabilities Linked to Objective Areas:
- Depth knowledge of automated tools (Checkmarx, Fortify) and Manual Source Code review of programming language (Php, .Net, Objective C, Python, Java).
- Execute in-depth automated and manual discovery of security vulnerabilities in Web application and Mobile Apps (iOS & Android).
- Write comprehensive security assessment reports and make appropriate recommendations for the vulnerabilities that are identified during the security assessments.
- Provide necessary knowledge transfer of the vulnerabilities found during the assessments to the software engineering teams by means of meetings, walkthroughs, technical discussions etc. for implementing appropriate security fixes.
- Track all the identified security weaknesses and risks through their life-cycle from identification to resolution to verification and closure through the Information Security Risk Tracking system.
- Participate in evolving the assurance program on an ongoing basis to incorporate industry best practices, offensive and defensive attack techniques.
- Collaborate with software engineering teams to ensure a better understanding of the business and have to get more context for each assessments that needs to be carried out.
- Collaborate with application development teams on improving security in the Software Development Life Cycle (SDLC) by offering awareness, training, new tooling and expert review.
- Minimum Qualifications/Experience/Knowledge/Skills
Qualifications:
- Degree or honours (12+3 equivalent)
- Candidate with Computer Science or Computer Engineering preferred
Experience:
- 7+ years of relevant experience in the information security domain
Knowledge/Skill Set:
- Offensive Security Certified Professional (OSCP) – Preferred
- GIAC Web Application Penetration Tester (GWAPT) – Preferred
- Certified Information Systems Security Professional (CISSP) – Preferred
- Experience building tools and processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases.
- Expertise with browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH, JWT).
- Experience in database, application, and web server security design, implementation & review.
- Knowledge on Infrastructure Security is a plus.